Behavioral task: behavioral1
Sample: a18b7cb1fe97912ffc3e38d76ccc0462.exe
Resource: win7v20210408 (windows7_x64)
0 signatures
0 seconds
General
- Target: a18b7cb1fe97912ffc3e38d76ccc0462.exe
- Size: 88KB
- MD5: a18b7cb1fe97912ffc3e38d76ccc0462
- SHA1: c5908c111223d69f532973643381983ba385c1c1
- SHA256: 2d5e2831e24496bd74a7a2317f824657905cdadaeb00f5c6e33e9b75c5231a2f
- SHA512: d92025f6eb3ab4a594113813284361694ce1b78cfd513d88f4ea842ea7d37c91976066b33089c4da048e39cc4c65654637d2a14138327df40f89d4bb0963be1c
Malware Config
Extracted
- Family: blacknet
- Version: v3.7.0 Public
- Botnet: OTwjgZ
- C2: http://54.237.66.139
- Mutex: BN[a4bfa882efc194e2bcd370ea]
Attributes
- antivm: false
- elevate_uac: false
- install_name: WindowsUpdate.exe
- splitter: |BN|
- start_name: 19eb68018edbdeae69b26450d3d0915f
- startup: false
- usb_spread: false
Signatures
- BlackNET Payload (1 IoC)
  Processes: resource yara_rule sample family_blacknet
  Blacknet family
- Contains code to disable Windows Defender (1 IoC)
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
  Processes: resource yara_rule sample disable_win_def
Files
- a18b7cb1fe97912ffc3e38d76ccc0462.exe.exe (windows x86)